A.1 Instance Creation and Process Management

In 10g (10.1.4.0.1) and earlier releases, configuration information for an instance of Oracle Internet Directory was stored in a configuration set, which had a DN of the form:

cn=configsetN,cn=osdldapd,cn=subconfigsubentry

where N is an integer. You created a new Oracle Internet Directory instance by creating a new configsetN entry and then executing:

oidctl connect=connStr config=N inst=InstNum flags="...." start

to start the instance.

11g Oracle Internet Directory Instance Creation

In 11g Release 1, the procedure for creating an instance has changed. Configuration information for an Oracle Internet Directory instance now resides in an instance-specific configuration entry, which has a DN of the form

cn=componentname,cn=osdldapd,cn=subconfigsubentry

where componentname is the name of a Oracle Fusion Middleware system component of Type=OID, for example, oid1. You do not manually create an instance-specific configuration entry. Instead, you create a Oracle Fusion Middleware component of Type=OID. Creating the Oracle Internet Directory component automatically generates an instance-specific configuration entry.

Note:

The entry in configset0 still exists in 11g, but it is read-only and used to store default attribute values for seeding new instance-specific configuration entries.

The first Oracle Internet Directory system component is created during installation. The first Oracle Internet Directory system component, oid1 by default, is created during installation with the Oracle instance name asinst_1 by default. The corresponding configuration entry for this component is cn=oid1,cn=osdldapd,cn=subconfigsubentry. There are two ways to create an additional Oracle Internet Directory instance:

Adding another component of Type=OID by using opmnctl createcomponent. For example:

If you use opmnctl to add a system component with oid2 as the component name, then an additional instance with componentname=oid2 is configured within the given Oracle instance, which is asinst_1 by default. This instance of Oracle Internet Directory can be started and stopped by using the opmnctl command with ias-component=oid2 or by using Fusion Middleware Control. The instance-specific configuration entry for this instance is cn=oid2,cn=osdldapd,cn=subconfigsubentry and the configuration attributes in that entry can be updated to customize the instance. For more information about instance-specific configuration attributes, see Section 9.1.3, "Attributes of the Instance-Specific Configuration Entry."

Note:

You can use oidctl to create an instance if you are running Oracle Internet Directory as a standalone server, not part of a WebLogic domain. When you create an instance with oidctl, you must use oidmon and oidctl to stop and start the instance. An Oracle Internet Directory instance created with oidctl cannot be registered with a WebLogic server, so you cannot use Oracle Enterprise Manager Fusion Middleware Control to manage the instance. See Appendix B, "Managing Oracle Internet Directory Instances by Using OIDCTL."

11g Replication Server

Use oidctl or Oracle Enterprise Manager Fusion Middleware Control to start replication on an instance the first time. After that, opmnctl stops and starts replication when it stops and starts the component. If you must stop and start the Oracle Internet Directory Replication Server for administration purposes, use oidctl or Oracle Enterprise Manager Fusion Middleware Control.

In 10g (10.1.4.0.1), many configurable Oracle Internet Directory attributes resided in the DSE Root and in the configset entry, for example, cn=configset0,cn=osdldapd,cn=subconfigsubentry. In 11g Release 1, most of these have been moved to the instance-specific configuration entry or the DSA configuration entry.

Most attributes that resided in the instance-specific configuration set at 10g (10.1.4.0.1) are now stored in the instance-specific configuration entry in 11g Release 1. In addition, some attributes that resided in the DSA configuration entry are now instance-specific and have been moved to the instance-specific configuration entry.

Notes:

During an upgrade to 11g, attributes are created in their new locations with default values. An attribute's value prior to the upgrade is not preserved unless the attribute is in the same location in 11g.

If you manage attributes from the command line, ensure that the DNs specified on the command line or in LDIF files reflect the 11g locations of the attributes.

Table A-1 lists 10g attributes, their locations in 10g and in 11g, and their default values in 11g. In the following table, "Instance Specific" implies that the attribute is located in the instance-specific configuration entry, for example cn=oid1,cn=osdldapd,cn=subconfigsubentry and DSA Config is cn=dsaconfig,cn=configsets,cn=oracle internet directory. Attributes in the DSA Config entry are shared by all Oracle Internet Directory instances and components.

A.3 Default Ports

During installation of Oracle Internet Directory, Oracle Identity Management 11g Installer follows specific steps in assigning the SSL and non-SSL port. First, it attempts to use 3060 as the non-SSL port. If that port is unavailable, it tries ports in the range 3061 to 3070, then 13060 to 13070. Similarly, it attempts to use 3131 as its SSL port, then ports in the range 3132 to 3141, then 13131 to 13141.

If you perform an upgrade from an earlier version of Oracle Internet Directory to 11g Release 1, your port numbers from the earlier version are retained.

A.4 Enabling Server Debugging

In 10g, you could enable debugging either by using a debug option when you invoked the server or by setting orcldebugflag, which was in the root DSE.

In 11g, you cannot enable debugging by using debug options when you invoke the server. You enable debugging of the directory server by changing the attribute orcldebugflag, which is now in the instance-specific configuration entry, which has a DN of the form:

cn=componentname,cn=osdldapd,cn=subconfigsubentry

You can change orcldebugflag either by using the Server Properties page, Logging tab, in Fusion Middleware Control or by using ldapmodify. For example, you could use the following LDIF file to configure the Oracle Internet Directory instance in system component oid1 for heavy trace debugging.

A.5 Command Line Tools

Most commands now require that the environment variable ORACLE_INSTANCE be set.

New options have been added to opmnctl and oidctl.

Several Oracle Internet Directory administration tools and bulk tools take a connect argument that specifies the Oracle Database to connect to. In 10g, if you did not include a connect argument on the command line, the command would take the value of the environment variable ORACLE_SID by default. In 11g Release 1, you must use the connect argument to specify the database. Oracle Internet Directory and Oracle Database are not installed in the same ORACLE_HOME, so ORACLE_SID is irrelevant. Therefore, you must use the connect argument to specify the database, for example connect=oiddb.

A.6 Path Names

In Oracle Fusion Middleware 11g Release 1, files that are updatable are installed under ORACLE_INSTANCE and most product binaries are stored under ORACLE_HOME. As a result, the path names of most configuration files and log files are different than in 10g (10.1.4.0.1). Table A-2 lists some examples:

A.10 Server Chaining

Server chaining now supports Novell eDirectory, as well as Microsoft Active Directory and Sun Java System Directory Server, formerly known as SunONE iPlanet. The attributes mapUIDtoADAttribute, showExternalGroupEntries, showExternalUserEntries, and addOrcluserv2ToADUsers have been added since Oracle Internet Directory 10g (10.1.4.0.1).

A.11 Replication

You can set up and manage LDAP-based replication by using the replication wizard in Oracle Enterprise Manager Fusion Middleware Control. A separate Replication page enables you to adjust attributes that control the replication server.

You can now use LDAP-based replication for multimaster directory replication groups. You no longer need Oracle Database Advanced Replication-based replication for this purpose. If you want to replicate Oracle Single Sign-On, however, you still must use Oracle Database Advanced Replication-based replication.

A.12 Oracle Directory Integration Platform

In 10g (10.1.4.0.1), the Oracle Directory Integration Platform server was under the control of OIDMON, like the LDAP and replication servers. For 11g Release 1, Oracle Directory Integration Platform has been reimplemented as a J2EE application, and is started and stopped separately from Oracle Internet Directory servers.

Oracle Fusion Middleware 11g Release 1 does not include Oracle Single Sign-On or Oracle Delegated Administration Services. Oracle Internet Directory 11g Release 1 however, is compatible with Oracle Single Sign-On 10g (10.1.4.3.0) or later and Oracle Delegated Administration Services 10g (10.1.4.3.0) or later.

A.14Java Containers

In Oracle Application Server 10g, Java applications ran in instances of Oracle Containers for Java. In the current release, they run in instances of WebLogic. Oracle Directory Services Manager and Oracle Directory Integration Platform are Java components that run in WebLogic managed servers.

The Oracle Internet Directory LDAP and replication servers, as C programs, are system components and are not affected by this change. The Java server plug-ins run in a JVM within the oidldapd server itself. This is implemented using the Java Native Interface (JNI).